Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2112
HistoryFeb 14, 2023 - 11:48 a.m.

Advisory ROSA-SA-2023-2112

2023-02-1411:48:50
ROSA LAB
abf.rosalinux.ru
19
grub2
rosa-sa-2023-2112
cve-2022-28733
integer overflow
yum update command
security update
remote code execution
os rosa-server79

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.5%

Software: grub2 2.02
OS: rosa-server79

package_evr_string: grub2-2.02-0.87

CVE-ID: CVE-2022-28733
BDU-ID: 2022-03372
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the grub_net_recv_ip4_packets function of the Grub operating systems bootloader program is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by sending specially crafted IP packets
CVE-STATUS: Resolved
CVE-REC: To close, run the yum update command

OSVersionArchitecturePackageVersionFilename
rosaanynoarchgrub2< 2.02UNKNOWN

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.5%